The passwords of 25 thousand registered to take the medical residency exam were leaked

The passwords of 25 thousand registered to take the medical residency exam were leaked

Spread the love

The passwords of 25 thousand registered to take the medical residency exam were leaked

A file with personal information of 25,000 applicants to the medical residency exam leaked this Friday, exposing numbers of DNI, phones, emails and username and password of those listed. The information was confirmed to Clarion by sources from the Ministry of Health: “It was a specific error by the system developer,” they explained.

Although the security breach has already been fixed and the information cannot be downloaded from the official site, the file is already circulating and this entails a huge danger for the safety of those who applied to the exam: your personal data is already in circulation.

During the afternoon of this Friday, several Twitter users warned of the situation, based on the corroboration of the incident by the Instagram account of Medicine graduates, which called to change passwords to avoid further problems among those affected.

The main problem is that the data was stored without any type of security measure to protect the information, which is why it could be downloaded in a .csv file, similar to a .txt.

Password change warning. Instagram photo

Computer security expert Javier Smaldone published 4 tweets explaining the situation. “Words are not enough for me to explain how gross you have to be to, in the middle of 2021, store passwords in plain text. In addition to being a nonsense in terms of security, it is already a violation of the rights of users (because even if they are not filtered, the system administrator can see the keys) ”, He added to Clarion.

It is urgent that those who applied to the exam change their passwords. “People are now going to have to change their passwords … in the mail (and social networks, because the cell phone number is enough to log in). Unfortunately, you cannot change the rest of your personal data ”, explained the IT expert.

The “.txt” file, in circulation

The registry, which could be accessed from the official site of the Ministry of Health, published the personal data of those registered for a short period of time.

On Twitter, several users also tried to spread the word about the situation. Other users warned of the importance of communicating the fact so that those affected change your passwords:

Information no longer available for download. The problem is that, once these types of files circulate, passwords and personal data can be sold for cybercriminals to use: from stealing personal information to extorting those involved.

The “.txt” with the keys even became a source of humor in networks.

The vulnerability of reused passwords

There is a second problem associated with passwords that exceeds the registration standard for exams: one of the most frequent errors is repeat keys on different platforms (and, according to Google, used by 52% of users).

Repeating simple passwords in all the services we use is an invitation to what is known as “credential stuffing“, a practice in which cybercriminals” sweep “logins to various services from bots until they manage to enter because, precisely, we repeat the same password everywhere.

One of the solutions to these scenarios is to use a password manager.